Permission denied when trying to set cookie in a firefox web extension on a local file

Moustachauve · July 25, 2018, 8:23pm

I am trying to set a new cookie in firefox from a web extension on a page that is a local file (with the file protocol: file:///[…]) and I get the following error:

Permission denied to set cookie {“domain”:“”,“expirationDate”:null,“firstPartyDomain”:“”,“httpOnly”:null,“name”:“myCookie”,“path”:null,“secure”:null,“storeId”:null,“url”:“file:///E:/folder/mypage.html”,“value”:“myvalue”}

This is the script that I am using to insert the cookie:

var newCookie = {
        domain: '',
        name: 'myCookie',
        value: 'myValue',
        path: null,
        secure: null,
        httpOnly: null,
        expirationDate: null,
        storeId: null,
        url: 'file:///E:/folder/mypage.html',
    };

    if (cookie.hostOnly) {
        newCookie.domain = null;
    }
    browser.cookies.set(newCookie).then(function (e) {
        console.log('success!');
    }, function (e) {
        console.error(e);
    });

And those are the permissions configured in the manifest.json:

"permissions": [
    "cookies",
    "<all_urls>",
    "tabs"
],

I supposed I must need an extra permission, but I couldn’t find anything related to that in the documentation. all_urls should include every protocols.

What am I doing wrong here?

NilkasG · July 26, 2018, 11:01am

Are you able to execute content scripts on that file/page?

And are cookies even supposed to work on file:// pages?

Mittineague · July 26, 2018, 10:55pm

Good point. AFAIK, they are for HTTP not OS files.

If you want to work up cookie code without involving a live online file I think putting the file in a localhost server would be the way to go about it

Moustachauve · July 26, 2018, 11:30pm

@Mittineague @NilkasG Firefox does support cookies for local files.

This code document.cookie = "myCookie=myValue"; executed in the devTool console will create a cookie. My extension is also able to read and delete cookies from a local file page, but not create them.

@Mittineague I know that this is not the ideal way of developing a web page, but one of the user of my extension is requesting this feature so I was exploring if there was any way I could make my extension able to create cookies for local files

@NilkasG I will try to see if my extension can execute content scripts on that file/page

Moustachauve · July 27, 2018, 7:39pm

@NilkasG After testing, I can successfully execute content scripts on that file. For example, I ran the following script:
browser.tabs.executeScript({ code:document.cookie = “${newCookie.name}=${newCookie.value}”});
and I see that my cookie is created properly.
I could just use this when it comes to creating cookies on a local page, but that feel like a hack and I should be able to use the browser.cookies api to create cookies properly.

NilkasG · July 29, 2018, 2:56pm

Well, at least you know that this is somewhere between a bug and poor design.
You might want to search for / open this on bugzilla.

But the thing is that nobody really cares about cookies for file URLs. RFC6265 doesn’t mention it at all and I could find no other source that specifies how this would even be supposed to work.

Just tell your user to use a simple HTTP server (e.g. node.js or python).